
os_unlock_active_user_session_disable negatively impacts Platform SSO Accounts #579

@tonyyo11

Summary

Implementing os_unlock_active_user_session_disable from the Tahoe branch, which applies a configuration profile on the com.apple.loginwindow domain and key of screenUnlockMode:1, while also having an account that is registered with Platform Single Sign On, results in regular failed unlock attempts when waking the system from sleep.
(Additional Context: Using Platform Single Sign On with Entra ID and Smart Card Authentication).

Steps to reproduce

Enforce the configuration profile to set screenUnlockMode:1 on `com.apple.loginwindow`. Have an account registered for Platform Single Sign On with Smart Card Authentication. Use the system, then lock the user session. Wait approximately 10-30 minutes, and attempt to unlock the system. Upon providing a correct PIN, the system shows a spinning pinwheel that does not go away and does not ultimately unlock the session. The only workaround is to shut down and restart the system forcefully. The issue occurs on average once every 8 hours.
Additional Clarity: I am unsure whether this issue also impacts PSSO with Password Sync.

Operating System version

macOS Tahoe 26.x (Public Release and Beta)

Intel or Apple Silicon

Have only tested against Apple Silicon

What is the current bug behavior?

Randomly attempting to unlock a current user session will not work. PIN is correct, but the unlock process hangs.

What is the expected correct behavior?

Successful unlock after entering the proper PIN from the smart card without issue or delay.

Possible fixes

screenUnlockMode being set to 0 resolves the problem, but goes against the baseline rule as presently written.
